1
+ # ---------------------
2
+ # custom_nginx.template
3
+ # ---------------------
4
+
5
+ worker_processes ${{NGINX_WORKER_PROCESSES}}; # can be set by kong.conf
6
+ daemon ${{NGINX_DAEMON}}; # can be set by kong.conf
7
+
8
+ pid pids/nginx.pid; # this setting is mandatory
9
+ error_log logs/error.log ${{LOG_LEVEL}}; # can be set by kong.conf
10
+ events {}
11
+
12
+ http {
13
+ charset UTF-8;
14
+ error_log ${{PROXY_ERROR_LOG}} ${{LOG_LEVEL}};
15
+ client_max_body_size ${{CLIENT_MAX_BODY_SIZE}};
16
+ proxy_ssl_server_name on;
17
+ underscores_in_headers on;
18
+ lua_package_path '${{LUA_PACKAGE_PATH}};;';
19
+ lua_package_cpath '${{LUA_PACKAGE_CPATH}};;';
20
+ lua_socket_pool_size ${{LUA_SOCKET_POOL_SIZE}};
21
+ lua_max_running_timers 4096;
22
+ lua_max_pending_timers 16384;
23
+ lua_shared_dict kong 5m;
24
+ lua_shared_dict kong_db_cache ${{MEM_CACHE_SIZE}};
25
+ lua_shared_dict kong_db_cache_miss 12m;
26
+ lua_shared_dict kong_locks 8m;
27
+ lua_shared_dict kong_process_events 5m;
28
+ lua_shared_dict kong_cluster_events 5m;
29
+ lua_shared_dict kong_healthchecks 5m;
30
+ lua_shared_dict kong_rate_limiting_counters 12m;
31
+ lua_socket_log_errors off;
32
+
33
+ > if lua_ssl_trusted_certificate then
34
+ lua_ssl_trusted_certificate '${{LUA_SSL_TRUSTED_CERTIFICATE}}';
35
+ > end
36
+ lua_ssl_verify_depth ${{LUA_SSL_VERIFY_DEPTH}};
37
+ # injected nginx_http_* directives
38
+ > for _, el in ipairs(nginx_http_directives) do
39
+ $(el.name) $(el.value);
40
+ > end
41
+ init_by_lua_block {
42
+ Kong = require 'kong'
43
+ Kong.init()
44
+ }
45
+ init_worker_by_lua_block {
46
+ Kong.init_worker()
47
+ }
48
+ > if #proxy_listeners > 0 then
49
+ upstream kong_upstream {
50
+ server 0.0.0.1;
51
+ balancer_by_lua_block {
52
+ Kong.balancer()
53
+ }
54
+ > if upstream_keepalive > 0 then
55
+ keepalive ${{UPSTREAM_KEEPALIVE}};
56
+ > end
57
+ }
58
+ server {
59
+ server_name kong;
60
+ > for i = 1, #proxy_listeners do
61
+ listen $(proxy_listeners[i].listener);
62
+ > end
63
+ error_page 400 404 408 411 412 413 414 417 494 /kong_error_handler;
64
+ error_page 500 502 503 504 /kong_error_handler;
65
+ access_log ${{PROXY_ACCESS_LOG}};
66
+ error_log ${{PROXY_ERROR_LOG}} ${{LOG_LEVEL}};
67
+ client_body_buffer_size ${{CLIENT_BODY_BUFFER_SIZE}};
68
+ > if proxy_ssl_enabled then
69
+ ssl_certificate ${{SSL_CERT}};
70
+ ssl_certificate_key ${{SSL_CERT_KEY}};
71
+ ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
72
+ ssl_certificate_by_lua_block {
73
+ Kong.ssl_certificate()
74
+ }
75
+ ssl_session_cache shared:SSL:10m;
76
+ ssl_session_timeout 10m;
77
+ ssl_prefer_server_ciphers on;
78
+ ssl_ciphers ${{SSL_CIPHERS}};
79
+ > end
80
+ > if client_ssl then
81
+ proxy_ssl_certificate ${{CLIENT_SSL_CERT}};
82
+ proxy_ssl_certificate_key ${{CLIENT_SSL_CERT_KEY}};
83
+ > end
84
+ real_ip_header ${{REAL_IP_HEADER}};
85
+ real_ip_recursive ${{REAL_IP_RECURSIVE}};
86
+ > for i = 1, #trusted_ips do
87
+ set_real_ip_from $(trusted_ips[i]);
88
+ > end
89
+ # injected nginx_proxy_* directives
90
+ > for _, el in ipairs(nginx_proxy_directives) do
91
+ $(el.name) $(el.value);
92
+ > end
93
+
94
+ location / {
95
+ root /www/data;
96
+ }
97
+
98
+
99
+ location /auth/ {
100
+ proxy_pass http://iam:8080/auth/;
101
+ proxy_set_header Host $host;
102
+ proxy_set_header X-Real-IP $remote_addr;
103
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
104
+ proxy_set_header X-Forwarded-Host $host;
105
+ proxy_set_header X-Forwarded-Server $host;
106
+ proxy_set_header X-Forwarded-Port $server_port;
107
+ proxy_set_header X-Forwarded-Proto $scheme;
108
+
109
+ }
110
+
111
+
112
+ location /api {
113
+ default_type '';
114
+ set $ctx_ref '';
115
+ set $upstream_host '';
116
+ set $upstream_upgrade '';
117
+ set $upstream_connection '';
118
+ set $upstream_scheme '';
119
+ set $upstream_uri '';
120
+ set $upstream_x_forwarded_for '';
121
+ set $upstream_x_forwarded_proto '';
122
+ set $upstream_x_forwarded_host '';
123
+ set $upstream_x_forwarded_port '';
124
+ rewrite_by_lua_block {
125
+ Kong.rewrite()
126
+ }
127
+ access_by_lua_block {
128
+ Kong.access()
129
+ }
130
+ proxy_http_version 1.1;
131
+ proxy_set_header Host $upstream_host;
132
+ proxy_set_header Upgrade $upstream_upgrade;
133
+ proxy_set_header Connection $upstream_connection;
134
+ proxy_set_header X-Forwarded-For $upstream_x_forwarded_for;
135
+ proxy_set_header X-Forwarded-Proto $upstream_x_forwarded_proto;
136
+ proxy_set_header X-Forwarded-Host $upstream_x_forwarded_host;
137
+ proxy_set_header X-Forwarded-Port $upstream_x_forwarded_port;
138
+ proxy_set_header X-Real-IP $remote_addr;
139
+ proxy_pass_header Server;
140
+ proxy_pass_header Date;
141
+ proxy_ssl_name $upstream_host;
142
+ proxy_pass $upstream_scheme://kong_upstream$upstream_uri;
143
+ header_filter_by_lua_block {
144
+ Kong.header_filter()
145
+ }
146
+ body_filter_by_lua_block {
147
+ Kong.body_filter()
148
+ }
149
+ log_by_lua_block {
150
+ Kong.log()
151
+ }
152
+ }
153
+ location = /kong_error_handler {
154
+ internal;
155
+ uninitialized_variable_warn off;
156
+ content_by_lua_block {
157
+ Kong.handle_error()
158
+ }
159
+ header_filter_by_lua_block {
160
+ Kong.header_filter()
161
+ }
162
+ body_filter_by_lua_block {
163
+ Kong.body_filter()
164
+ }
165
+ log_by_lua_block {
166
+ Kong.log()
167
+ }
168
+ }
169
+ }
170
+ > end
171
+
172
+ > if #admin_listeners > 0 then
173
+ server {
174
+ server_name kong_admin;
175
+ > for i = 1, #admin_listeners do
176
+ listen $(admin_listeners[i].listener);
177
+ > end
178
+ access_log ${{ADMIN_ACCESS_LOG}};
179
+ error_log ${{ADMIN_ERROR_LOG}} ${{LOG_LEVEL}};
180
+ client_max_body_size 10m;
181
+ client_body_buffer_size 10m;
182
+ > if admin_ssl_enabled then
183
+ ssl_certificate ${{ADMIN_SSL_CERT}};
184
+ ssl_certificate_key ${{ADMIN_SSL_CERT_KEY}};
185
+ ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
186
+ ssl_session_cache shared:SSL:10m;
187
+ ssl_session_timeout 10m;
188
+ ssl_prefer_server_ciphers on;
189
+ ssl_ciphers ${{SSL_CIPHERS}};
190
+ > end
191
+ # injected nginx_admin_* directives
192
+ > for _, el in ipairs(nginx_admin_directives) do
193
+ $(el.name) $(el.value);
194
+ > end
195
+ location / {
196
+ default_type application/json;
197
+ content_by_lua_block {
198
+ Kong.serve_admin_api()
199
+ }
200
+ }
201
+ location /nginx_status {
202
+ internal;
203
+ access_log off;
204
+ stub_status;
205
+ }
206
+ location /robots.txt {
207
+ return 200 'User-agent: *\nDisallow: /';
208
+ }
209
+ }
210
+ > end
211
+ }
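Review bot: The new `location /auth/` block forwards every request under that prefix to `http://iam:8080/auth/` without the `Kong.rewrite()`/`Kong.access()` phases that `location /api` runs, so Kong plugins for authentication, rate limiting or ACLs never see this traffic. If `iam` also serves administrative endpoints under `/auth/` (not visible here), they are reachable on every proxy listener; narrowing the location to the paths clients need, or adding `allow`/`deny` rules for the rest, would limit that exposure. In the same block, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to whatever the client sent, so the backend sees client-chosen leading entries in anything it logs or uses for lockout decisions; `proxy_set_header X-Forwarded-For $remote_addr;` is safer unless a trusted proxy in front already sanitises the header. Separately, both `ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;` lines (proxy and admin server) still enable TLS 1.1, which RFC 8996 deprecates; I would use `ssl_protocols TLSv1.2 TLSv1.3;`.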